The Zap web app, deployed at zap.wzrd.tech, is the primary surface for everyone who builds with or runs Zap. Creators use it to trigger one-click recipe runs and manage their provider vault. Agents (Codex, Claude Code, Cursor, OpenClaw, Hermes, and similar tools) use the skill manifest endpoints and mock run commands as a starting point. Developers call the REST API directly to integrate recipe execution into their own pipelines.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/gratitude5dee/Zap/llms.txt
Use this file to discover all available pages before exploring further.
Primary Routes
| Route | Description |
|---|---|
/ | Public landing page — showcases installed recipes, signals the runtime contract, and links to the agent quickstart. |
/gallery | Installed Zap gallery — browse every recipe packaged in the current deployment. |
/docs | Docs entry point — full reference documentation browsable in-app. |
/quickstart | Agent quickstarts for Codex, Claude Code, Cursor, OpenClaw, Hermes, and similar tools. |
/studio | Eve-powered agent studio — chat-driven recipe authoring and execution. |
/zap/[slug] | One-click creator runner for a specific recipe slug (e.g. /zap/world-cup-entrance). |
/runs/[runId] | Run progress and output detail — real-time step states and output URLs for a completed or in-flight run. |
/settings | Wallet auth and BYOK provider secrets — connect a Thirdweb wallet and manage encrypted provider keys. |
Auth Posture
Zap uses a tiered auth model designed to keep demos frictionless while protecting live spending and provider credentials. Public — no auth required- All documentation pages (
/docs,/quickstart) - The gallery and recipe detail pages
- Mock demo runs via
POST /api/zaps/runwith"live": false - Skill manifest endpoints (
/api/skills,/api/skills/[skill])
- Creator live runs (
POST /api/zaps/runwith"live": true) — the server rejects requests without a valid bearer token before dispatching to any provider - Provider secret management (
GET /api/secrets,PUT /api/secrets,DELETE /api/secrets) — all mutations require the authenticated owner’s JWT
401 responses on /api/providers/* routes.
REST API Overview
POST /api/zaps/run
Execute a recipe pipeline. Pass
"live": true plus a bearer token to route to real providers; omit it for a zero-spend mock run.GET /api/skills
Return the full skill manifest — recipe names, hashes, and download URLs — used by agents to bootstrap a project.
GET /api/zaps
Return the list of all installed recipe specs — titles, slugs, input contracts, and step definitions — for the current deployment.
PUT /api/secrets
Upsert an encrypted BYOK provider key for the authenticated creator. Keys are stored in Supabase and never returned in plaintext to the browser.
POST /api/auth/wallet-proof
Exchange a Thirdweb EIP-191 wallet signature for a Supabase Auth session token used by all subsequent API calls.
POST /api/zaps/run
Executes a named recipe. Theslug field maps to a file under agent/skills/.
live is true and the token is valid, the server resolves provider keys from the caller’s Supabase vault and dispatches the run to real providers.
GET /api/skills
Returns the full skill download manifest. Theorigin of the request is used to build absolute download URLs, so agents calling from localhost get local URLs.
GET /api/skills/[skill]. Append ?format=json to receive a JSON envelope instead of raw Markdown.
GET /api/zaps
Returns the list of all installed recipe specs fromagent/skills/. Each entry is a PublicZapSpec — the full YAML-derived recipe definition plus a human-readable title field derived from the recipe slug.
/gallery page and the /zap/[slug] runner to enumerate available recipes.
Smoke Test After Deploy
Run these three checks immediately after deploying a new version to confirm the app and key API routes are up:HTTP/2 200. A non-200 on /studio usually indicates a missing environment variable for the Eve agent backend.